REMARKS 

Claims 1-33 are currently pending. In the January 9, 2007 Office Action, the 
Examiner rejected claims 21-30 and 33 under 35 U.S.C. § 101 as directed to non- 
statutory matter. In addition, claims 1-9, 11-19, 21-29, and 31-33 were rejected under 35 
U.S.C. § 102(b) as being anticipated by U.S. Publication No. 2002/0091798 to Joshi et al. 
(hereinafter "Joshi"); and rejected claims 10, 20, and 30 under 35 U.S.C. § 103(a) as 
being unpatentable over Joshi. Applicants respectfully traverse the rejections for the 
reasons set forth hereinbelow. 

Independent claims 21 and 33 have been amended to recite that the computer 
product is stored in a tangible computer-readable medium. Applicants submit, therefore, 
that the rejection of claims 21-30 and 33 under 35 U.S.C. §101 has been overcome. 

Applicants' invention, as claimed in independent claims 1, 1 1, 21, 31, 32, and 33, 
is directed to an apparatus, method, computer program and computer program product for 
performing authentication operations. In various embodiments of Applicants' invention 
as claimed in the aforementioned independent claims, a client requests a resource from a 
server and a non-certificate-based authentication operation is performed through an SSL 
(Secure Sockets Layer) session between the server and the client. When the client 
subsequently requests another resource and the server determines to step up to a more 
restrictive level of authentication, a certificate-based authentication operation is 
performed through the SSL session without exiting or renegotiating the SSL session prior 
to completion of the certificate-based authentication operation . 

In the rejection under 35 U.S.C. §102, Examiner alleges that the Joshi reference 
teaches all of the limitations discussed above. It is clear, however, that Joshi does not 
teach a first resource request authenticated through an SSL session and a subsequent 
request , wherein and a certificate-based authentication operation is performed through the 
SSL session without exiting or renegotiating the SSL session prior to completion of the 
certificate based operation . Referring to paragraphs 144 and 145 cited by Examiner, 
Joshi states that the authentication scheme can specify " one of four challenge methods." 
One of the authentication methods listed, X.509, can be used over an SSL connection 
between a user's browser and a web server host. Joshi does not disclose performing 
authentication for a second resource request without exiting the SSL session . Applicants 
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respectfully submit, therefore, that Examiner has failed to provide a reference or 
combination of references that anticipates Applicants' independent claims as required 
under 35 U.S.C. §102. 

With regard to the rejection of claims 10, 20, and 30, Applicants respectfully 
submit that these claims are allowable based upon an allowable base claim for the reasons 
set forth above. Applicants further submit that Examiner has mischaracterized the 
process disclosed in Figure 35. Examiner asserts that Figure 35 discloses the "sending a 
second resource request from the client to the server through the SSL session." (emphasis 
added) Referring to the description associated with Figure 35, (in paragraph 203) Joshi 
describes the process steps in Figure 35 as an embodiment, not as a continuation of a 
prior embodiment. Furthermore, reference numeral 1348 does not state a second resource 
request. Indeed, the only possible reading of the process described in Figure 35 is the 
sending of a single resource request from the client to the server. Likewise, Applicants 
submit that reference numeral 1366 does not disclose that a second resource response is 
received from the server at the client, since no first resource response is shown in Figure 
35. 

On page 9 of the Office Action, Examiner has taken "official notice" that several 
processing steps recited in claims 10, 20, and 30 are obvious in view of the nature of the 
teachings of Joshi. Applicants respectfully traverse the rejection of these claims based on 
official notice and request Examiner to provide documentary evidence. In view of the 
fact that dependent claims 10, 20, and 30 are allowable as being dependent upon 
allowable base claims, Applicants respectfully submit that the rejection of these claims 
under 35 U.S.C. 103 should be removed for the reasons discussed above. If, however, 
Examiner persists with the rejection of dependent claims 10, 20, and 30, Applicants 
respectfully request that the documentary evidence be submitted in the next office action. 
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CONCLUSION 



In summary, Applicants respectfully submit that independent claims 1, 11,21,31, 
32, and 33 are allowable over the art of record for the reasons set forth above. Applicants 
further submit that all of the dependent claims are allowable since they depend from 
allowable base claims. In view of the amendments and remarks set forth herein, the 
application is believed to be in condition for allowance and a notice to that effect is 
solicited. Nonetheless, should any issues remain that might be subject to resolution 
through a telephonic interview, the examiner is requested to telephone the undersigned. 

Respectfully submitted, 



ELECTRONICALLY FILED 
April 9, 2007 



/Gary W. Hamilton/ 

Gary W. Hamilton 
Attorney for Applicants 
Reg. No. 31, 834 
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